Serious browser bug main feature of monthly alerts, Adobe Flash issue also patched.
Microsoft
has released the December Patch Tuesday security bulletin, with a total of six alerts. The most significant issue covered is a serious vulnerability in the
Internet Explorer
browser software.
Three of the six bulletins were marked as ‘Critical’, with vulnerabilities in
Microsoft Project
and Internet Authentication Services fixed alongside the now customary cumulative patch covering a selection of problems recently spotted with
IE
. All could lead to remote execution of code.
Less serious, but still labelled ‘Important’, were fixes for the Local Security Authority Subsystem Service (LSASS),
Active Directory
and text conversion features in
WordPad
and
Office
applications.
Once again
Adobe
has followed
Micorosoft
‘s lead by releasing its own set of updates on the same date – a serious flaw in the
Flash player
software, again described as ‘critical’, has been patched, and further alerts have been issued about
Illustrator
products.
The official
Microsoft
bulletins are available
here
, with a summary from
SANS
here
and some commentary in
The Register
here
.
Adobe
‘s alerts are
here
. As always,
VB
advises readers to ensure all systems are fully patched and up-to-date as soon as possible.
Posted on 09 December 2009 by
Virus Bulletin
Leave a Reply